UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 10/693,843
FILING DATE: 10/22/2003
FIRST NAMED INVENTOR: John P. Mcdermott
ATTORNEY DOCKET NO.: NC 83.820
CONFIRMATION NO.: 7108

7590
Naval Research Laboratory
Code 1008.2
4555 Overlook Ave., S.W.
Washington, DC 20375-5320

EXAMINER: NOBAHAR, ABDULHAKIM
ART UNIT: 2132
PAPER NUMBER:

DATE MAILED: 07/08/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 10/693,843
Applicant(s): MCDERMOTT, JOHN P.
Examiner: Abdulhakim Nobahar
Art Unit: 2132

Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.
- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.
- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 27 April 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-31 is/are pending in the application.
4a) Of the above claim(s) ____ is/are withdrawn from consideration.
5) [ ] Claim(s) ____ is/are allowed.
6) [X] Claim(s) 1-31 is/are rejected.
7) [ ] Claim(s) ____ is/are objected to.
8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Response to Arguments

1. This communication is in response to applicant's response received on April 27,
2005.

2. The amendments of claims 1, 11 and 18 and addition of claims 19-31 are
acknowledged.

3. Applicant's arguments have been fully considered but they are not persuasive.

4. With respect to the new limitation of the independent claims 1, 11, 18 and 23
applicant, for example, on page 12, lines 2-4 of remarks, argues that: "However, there is
no disclosure in DeTreville that the curtained code determines whether the computer
has been tampered with."

In response to the above, DeTreville discloses a scheme to test an instruction
before execution either if it is of the type of allowed instruction such as curtained call or
if it has the privilege level required to invoke the operation at the desired location (see
[0117]-[0118]; also see [0078]-[0086]). If either test fails, a fault signal is generated,
which is functionally equivalent to determining whether the computer has been tampered
with.

5. With respect to the dependent claims 19 and 20 applicant, on page 14, lines 4-7
of remarks, argues that: "DeTreville does not disclose that the curtained code determine
whether at least one of malicious instructions, viruses, deceptive interpreters, and
Trojan horses are present, or whether deceptive interpreters are present."

As stated above, DeTreville discloses the generation of a fault signal when the
testing of a current instruction fails (see [0117]-[0118]) and DeTreville also discloses an
ATTEST operation to check whether any of the program components loaded into the
operating system are tampered with or not (see [0078]-[0086]). In both of these cases, if a
fault signal is generated or an un-trusted component is revealed, that would indicate an
attack on the computer system, or presence of a rogue application or execution of an
un-authorized action, which correspond to the limitations of claims 19 and 20.

6. In light of the above submission the previous rejection of claims is maintained
with consideration of the amendments of claims 1, 11 and 18 and the new claims.



Claim Objections 
Claims 11 and 21 are objected to because of the following informalities:
Claim 11, in line 11, recites ", and executes one or more..." The ", and" is extra.
Claim 21, in line 3, recites "...and, and an incorrect..." The "and" is extra.
Appropriate corrections are required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



Application/Control Number: 10/693,843 
Art Unit: 2132 






Claim 22 recites the limitation "interrupts instructions..." in lines 1-2. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-31 are rejected under 35 U.S.C. 102(e) as being anticipated by
DeTreville (US 2004/0015694 A1). 

Regarding claims 1, 22, 23 and 26-28, DeTreville discloses a method for 
authentication between an open system (i.e., a public accessible computer system) and 
a portable IC device (corresponding to a mobile device) (see [0010]). DeTreville 
discloses that a secure communication channel between the open system and the 
portable IC device that contains protected information is established and the 
application(s) desiring to access this information authenticates itself to the portable IC 
device (see [0011]). DeTreville discloses that the open computer system comprising a 
CPU, a secure memory containing a protected code called a curtained code 
(corresponding to the recited security check program), a memory storage, an operating
system (corresponding to the recited a first program) for executing the instructions and
other application programs (corresponding to the recited a second program) (see Figs.
2, 3 and 7; [0037]; [0038]; [0102]). DeTreville further discloses that the curtained code is
downloaded from the inner secured memory to a lesser security memory area for 
execution of an authenticating operation whenever is required by users (corresponding 
to the recited receives a secure attention instruction) in order to trust their private data 
to the applications running on the open computer system (see [0102]) and if an 
instruction to be executed is not of the right type or does not have the proper privilege 
level a fault signal is produced (corresponding to the recited identifying whether the 
computer has been tampered with) (see [0117]-[0118]). DeTreville also discloses that a
boot methodology (corresponding to the recited interrupts the execution of all other 
instructions) is used to authenticate the software programs of the open system to the 
portable IC device (see [0037]). 

Regarding claim 2, DeTreville discloses conventional bus architectures for
receiving computer instructions (see [0038]; [0041]). 

Regarding claim 3, DeTreville discloses a computer system for having a 
processor to execute computer instruction (see [0038]; Fig. 2). 

Regarding claim 4, DeTreville discloses that a private key is securely stored in
such a way (internally or externally) that only the CPU has the privilege to access it, for
example, in response to a challenge from the portable IC device (corresponding to the 
recited administrative secure attention instruction) for authentication purpose (see 
[0043]-[0045]). 

Regarding claims 5, 6, 11, 15, 16 and 18, these claims are rejected as applied to
the like elements of claim 1 as stated above and further the following:

DeTreville discloses cryptographic keys that are used for the authentication of the
operating system and the applications running on the open system, and the results of the
authentication are transmitted to the portable IC device when a user requests
authentication of the OS or any application program (corresponding to the recited
execution of the security check program) (see [0037]; [0042]; [0043]; [0059]; [0060]).

Regarding claims 7 and 9, DeTreville discloses the request (i.e., secure attention 
instruction) for authentication of the OS or an application program running on the open 
system is issued by the portable IC device (an external source) and the CPU of the
open system receives the request from the OS of the open system (see Fig. 2; [0012];
[0037]).

Regarding claims 8 and 10, DeTreville discloses a portable IC device which is a
secure computer device that has an authentication application (corresponding to the
recited mobile software agent) that interacts with the operating system of the open
computer system to perform the authentication process (see [0039]).

Regarding claims 12 and 17, DeTreville discloses an authentication method that 
is called a curtain methodology (see [0037]). In this method a trusted application is 
authenticated in a secure manner regardless of the trustworthiness of the operating 
system (corresponding to the recited bypass of all other parts of the secure computer 
system). 

Regarding claim 13, DeTreville discloses the request (i.e., secure attention 
instruction) for authentication of the OS or an application program running on the open 
system is issued by the portable IC device (an external source) and the CPU of the
open system receives the request from the OS of the open system (see Fig. 2; [0012];
[0037]). 

Regarding claim 14, DeTreville discloses a portable IC device which is a secure
computer device that has an authentication application (corresponding to the recited
mobile software agent) that interacts with the operating system of the open computer
system to perform the authentication process (see [0039]).

Regarding claims 19-21, 24, 25 and 29-31, DeTreville discloses the generation of
a fault signal when the testing of a current instruction fails (see [0117]-[0118]).
DeTreville also discloses an ATTEST operation to check whether any of the program
components loaded into the operating system are tampered with or not (see [0078]-
[0086]). In both of these cases, if a fault signal is generated or an un-trusted component is
revealed, that would indicate an attack on the computer system, or presence of a rogue
application or execution of an un-authorized action, which correspond to the
limitations of claims 19 and 20.



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Abdulhakim Nobahar whose telephone number is
571-272-3808. The examiner can normally be reached on M-T 8-6.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gilberto Barron, can be reached on 571-272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

SUPERVISORY PATENT EXAMINER